BreachExchange mailing list archives

Re: BoA breach - possible Wal-Mart connection?


From: Chris Walsh <cwalsh () cwalsh org>
Date: Sat, 11 Feb 2006 20:05:43 -0600


And to be specific, is it Sam's Club, which was reported as being  
breached in early December 2005, and where Wal-Mart denied that a  
computer system of theirs had been compromised?  Where Gartner and  
American Banker chided Visa and MC for hoarding info and playing
favorites?  Where PCI standards were not followed and stripe data  
were stored?  Wow.

The connection between the BofA/Wamu/Wells Fargo card reissues, and  
the earlier one by Regions Bank, and the months earlier ones by the  
Alabama Credit Union, et al. is one I semi-drew
(http://www.emergentchaos.com/archives/002414.html).  I didn't think there
was enough to pin it on Sam's Club, especially since BofA said a  
processor wasn't involved. How would a retailer lose so much info,  
especially since reports in December were that the detected frauds  
likely were from customers who bought gasoline at Sam's Club?

Sam's Club said this on 12/2/2005
(http://www.prnewswire.com/cgi-bin/stories.pl?ACCT=104&STORY=/www/story/12-02-2005/0004227070):

"SAM'S CLUB stressed that the electronic systems and
databases used inside its stores and for http://samsclub.com are not  
involved."

So, databases "inside its stores" and the web site didn't get  
penetrated.  That leaves, uh, POS devices, and....dare I say  
it...*wireless*?   If we find out that they got p0wned via wireless  
(a la Lowes, back in 2003?) I will fall off my chair.

This could be huge.  Wal-Mart wants to get into the banking business,  
and (if true) this isn't exactly a ringing endorsement.

Early in December, I had some fun with ID Analytics and used their  
numbers to argue that this breach would have exposed 600,000  
accounts.  It doesn't seem like fun, now.

On Feb 11, 2006, at 6:54 PM, lyger wrote:



Bank Card Reissues May Be Linked to Wal-Mart Breach

By Paul F. Roberts and Matt Hines <mailto:matt_hines () ziffdavis com>
February 10, 2006

In what appears to be a widening incident, Bank of America, MasterCard and
Visa all announced this week that they have been informed of a potential
security breach at a U.S.-based retailer.

The companies refused to name the retailer involved, but at least one bank
said that systems belonging to Wal-Mart Stores, the world's largest
retailer, may be to blame.

http://security.ithub.com/article/Bank+Card+Reissues+May+Be+Linked+to+WalMart+Breach/171328_1.aspx

_______________________________________________
Dataloss mailing list
Dataloss () attrition org
https://attrition.org/mailman/listinfo/dataloss

